pp-hotel-tonight
Warn
Audited by Socket on May 20, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The stated purpose is coherent and mostly read-only, but the skill’s footprint is broader than necessary because it installs third-party CLIs/MCP components from a different publisher namespace and allows arbitrary webhook delivery. This looks more like elevated supply-chain and outbound-data risk than confirmed malware.
Confidence: 84%Severity: 74%
Audit Metadata